Team Fortress 2

802 ratings
BE WARNED! New phishing bot method!
By: ExDe707
Phishing bots have become aggressive, and can now destroy your whole precious PC. Be warned about that, and DO NOT TRUST ANYONE GIVING YOU LINKS. Read more in this guide.
Introduction
Now you might know this:

someone: hey my friend want add u but cant (steam error add him pls [LOLPHISH]
someone2: hey im really interested in ur items but got keys on my main ((: add my [LOLPHISH]

The [LOLPHISH] parts are links that look like the Steam Community one but are misspelt. Once you try to log in there, what you entered will be sent to the bot, and it will use this information to get into your account and steal your valuable items, if there are any.

BUT it's not harmless anymore like the above example. The phishing bots have developed another method which is WAY more aggressive than the above examples:

agressor: Hi, I want swap this knife, Link to screenshot - [OMGPHISH]

The [OMGPHISH] link looks like a link to a picture sharing website. It is structured like this: picthingy(dot)numbers(dot)domain/img_numbersnumbers.png

HOWEVER: It does NOT lead to a picture or anything. More in the next section.
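For the misspelt Steam Community links described at the start of this section, here is an added example (not part of the original guide) of checking a link's host name against the genuine Steam sites before trusting it. The `classify` function, the two-typo threshold and the sample hosts in the test are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = ("steamcommunity.com", "steampowered.com")  # genuine Steam sites

def edit_distance(a, b):
    """Levenshtein distance: number of single-character edits from a to b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(url, max_typos=2):
    """Return 'official', 'lookalike of <site>' or 'unrelated' for a link."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    labels = host.rstrip(".").split(".")
    if ".".join(labels[-2:]) in OFFICIAL:
        return "official"
    # Compare every label, so a swapped ending or a genuine-looking prefix
    # (steamcommunity.com.something.example) is still caught.
    best = min((edit_distance(label, good.split(".")[0]), good)
               for label in labels for good in OFFICIAL)
    return "lookalike of " + best[1] if best[0] <= max_typos else "unrelated"

if __name__ == "__main__":
    # Constructed sample links, not taken from any real message.
    for link in ("https://steamcommunity.com/id/someone",
                 "http://steamcomnunity.example/login",
                 "steamcommunity.com.trade.example/offer"):
        print(link, "->", classify(link))
```

A link that comes back as a lookalike is exactly the kind that asks for a Steam login on a site that is not Steam.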
Where does that link lead?
So we have a new link, and we will examine it.
I will not openly share it, to keep overly curious people from clicking on it. I'm dead serious about this.
Is it an image?
Well, let's take a look at the image below. I used Web Sniffer for it. It's easy and reveals all details about the site, without visiting it.
Apart from some minor details like the IP of the website, its host etc., it also reveals whether it redirects to any other website. I marked the link with a red outline.
Do you recognize that? It's a direct Google Drive download link. The &confirm=no_antivirus part is what makes it NOT give you a warning when you download the file. So it's not an image. But what is the file like?
The script of death
Here I used VirusTotal to examine the file. I did this by visiting VirusTotal, checking the URL Web Sniffer revealed to me and then letting it check the file.
The results are as I expected. 18 smart antivirus companies have reported the file as a trojan virus.
A trojan virus is like a Romanian one. It's sturdy, and once it has arrived at its goal, the computer, it releases its soldiers, the viruses.
The .scr file extension relates to "Script". It is mainly used for screensavers, but it's one of the most abused file types on any Windows OS, as it easily carries trojans. Once it's done downloading, it will wreak havoc on your PC.
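The two checks above (what a header viewer shows for the link, and what file it finally hands over) can be written down as code. This is an added example, not part of the original guide: `inspect_chain`, the extension lists and both recorded responses are constructed for illustration, and it relies on the fact that Windows runs a .scr file as an ordinary program.

```python
import re
from urllib.parse import urlsplit

IMAGE_EXT = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
RUNNABLE_EXT = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".msi"}

def ext_of(name):
    """Lower-cased final extension of a file name or URL path ('' if none)."""
    m = re.search(r"\.[A-Za-z0-9]+$", name)
    return m.group(0).lower() if m else ""

def inspect_chain(hops):
    """hops: recorded responses in order, each {'url': ..., 'headers': {...}}."""
    first, last = urlsplit(hops[0]["url"]), urlsplit(hops[-1]["url"])
    headers = {k.lower(): v for k, v in hops[-1]["headers"].items()}
    findings = []
    if first.hostname != last.hostname:
        findings.append("redirects to another host: " + str(last.hostname))
    promised = ext_of(first.path)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if promised in IMAGE_EXT and not ctype.startswith("image/"):
        findings.append("link ends in %s but serves %s" % (promised, ctype or "no type"))
    m = re.search(r'filename="?([^";]+)', headers.get("content-disposition", ""))
    fname = m.group(1).strip() if m else ""
    if ext_of(fname) in RUNNABLE_EXT:
        findings.append("downloads a runnable file: " + fname)
    return findings

# Constructed samples: a "screenshot" link shaped like the one in this guide,
# and an honest image link for comparison. The id value is a placeholder.
BAIT = [
    {"url": "http://picthingy.12345.example/img_0123456789.png",
     "headers": {"Location": "https://drive.google.com/uc?export=download"
                             "&id=CONSTRUCTED_ID&confirm=no_antivirus"}},
    {"url": "https://drive.google.com/uc?export=download"
            "&id=CONSTRUCTED_ID&confirm=no_antivirus",
     "headers": {"Content-Type": "application/octet-stream",
                 "Content-Disposition": 'attachment; filename="img_0123456789.scr"'}},
]
HONEST = [{"url": "https://images.example/cat.png",
           "headers": {"Content-Type": "image/png"}}]

if __name__ == "__main__":
    for name, chain in (("bait", BAIT), ("honest", HONEST)):
        print(name, inspect_chain(chain))
```

Any one of the three findings is reason enough not to open the link; a real picture link produces none of them.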
I downloaded it.
Okay, you're pretty much screwed right now unless you have a good antivirus like I do (AVG 2014). If your antivirus does not immediately recognize the virus, start a full scan of your computer as soon as possible.
My antivirus failed. What happens now?
Now? All your passwords and precious data will be stolen, mainly the Steam login information through brute force. It has the same effect as the old "add my friend" phish: the bot goes into your account and steals your items.
What can I do against that?
There are many things to do. I'll make a list of what you can do to protect yourself.
  • Do not click on any links. None. Absolutely. If one of your friends asks you to watch a video or something, ask them to give you information about the video so you can search for it yourself on YouTube. If you do want to click on links, check if they are safe with the methods I used above.
  • As a trader, if you use sites like TF2 Outpost or Bazaar.tf, inform your customers to use trade offers instead of friend adds. If someone adds you, ignore or block them. If a suspicious, dumb-looking trade offer appears, report and decline it.
  • If you DO want to accept friend requests, then see if the profile is private, or if it even has the game to trade stuff for. If the profile is private, level 0 or 1, or if it doesn't have said game, ignore it.
  • You might accept a friend request from a safe-looking person with a high level. If he sends you the phishing messages, then he is a victim of a phishing bot. Simply unadd him. Don't block him, as he might be a future customer.
  • It is in most cases safe to add people currently playing a game, as bots often do not play games when active. This might change in the future.
  • If you notice that you lost some items, contact Steam Support immediately.
  • Change your password, your e-mail, whatever, if you find out you clicked on a phishing link.
  • Always be aware of phishers.
Now these might be obvious and stuff you would do anyway, but I advise you to ALWAYS do them.
BONUS: Trolling human phishers.
Thanks for spreading this so far! I didn't really expect this to pop up on the front page of TF2 guides. Or to receive a notification spam of over 50 new comments.

Thus I'm sharing a well-known method of effectively using the dumbness of human phishers to get items for absolutely free. He has to be human though. It works mostly with the "add my friend" phish.
Here is the link: http://forums.backpack.tf/index.php?/topic/16506-guide-how-to-profit-from-phishers/
And if you don't trust it, check it with the methods above. I take no credit for it.
Conclusion & Feedback
tl;dr Bots use a new method, one click means death.

Feedback about this guide is appreciated. Share this to everyone you know, as it might hit them very hard.

Stay safe!
-Ex
Frequently asked questions (FAQ)
All right, now I'm getting a handful of friend requests from thankful people. It's nice, but y'know, there's a limit on my friends list. So I made this FAQ section to answer the most common questions.

Q: I clicked on a suspicious link but it didn't download anything, am I still safe?
A: I can't really tell, as there's something called browser exploits. Websites can be created in ways that abuse your internet browser's features, e.g. drive-by downloads. Google that if you don't know what that is.
Q: I downloaded something like "steam guard.exe" or "1231sy1sa.scr" but deleted it quickly, am I safe?
A: I doubt you really are if you executed the files without your antivirus stopping them. .scr files, however, execute themselves after they are dropped on your PC and do their job instantly. You'd better run a full computer scan after that, change your password and/or change your e-mail. And, most importantly, contact Steam Support within 8 days so they can further secure your account.
Q: OMG ur mah h3ruh pls can w b frwiends 4eva?????
A: You better thank me in the comments section instead of adding me. As I said before my friends list is filling. I appreciate that but don't push it too far.
Q: Can I donate you an item as a thank you?
A: ( ͡o ͜ʖ ͡o)
Q: AVG? Good antivirus? topkek lol no
A: lol yes. Google them rewards.
669 comments
Go4Pro 15 Mar 2019, 4:50
sorry friend but i have to tell you something. i have seen from a lot of bots that i purchased items from on backpack.tf were in fact in games. i think those official valve servers where u join and get instantly vote kicked are where these bots hang out. maybe they recognize each other because they're from the same bot network.
yaha 28 Dec 2018, 15:07
Lol some guy tried to shark me out of an unusual
Adam [CZ] 12 Dec 2018, 19:22
Very aggressive bot!!!
Castle 5 Nov 2018, 14:21
hey so I clicked a link which I think is fucking up my trades now cuz every time I offer a trade to someone it removes the items I want from the person and it makes it a gift from me to the person
weedmancer lol 21 Mar 2018, 17:41
Question, I had an old friend for about 2 months now and he sent me a phishing link (OF COURSE I DIDNT CLICK IT) but before he wasn’t much of a bot (actually played the game :steamsad: and had a good inventory) but now he’s a bit, did he get hacked? Pls help
FunnyBunny 21 Dec 2017, 15:28
{Link removed}

laxative pilled shitmaxxer 17 Dec 2017, 12:14
Tips; "Don't click links from anyone". Gives a link.

Thus I'm sharing a well-known method of effectively using the dumbness of human phishers to get items for absolutely free. He has to be human though. It works mostly with the "add my friend" phish.
Here is the link: http://forums.backpack.tf/index.php?/topic/16506-guide-how-to-profit-from-phishers/
And if you don't trust it, check it with the methods above. I take no credit for it.
PureGothard 24 Nov 2016, 10:06
it says a gzip file, is that bad
Mattaladøn 1 Nov 2016, 8:57
Is item.exchange safe?
Cöque 28 Aug 2016, 19:34
YEAH BOYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY